I have a head office and about 12 branches. Each point has 2 ISP connections. I used Cisco and DMVPN technology. But after increasing the bandwidth of the Internet links, my routers do not have enough CPU power. I am thinking about migrating to MikroTik RouterBoards.
What is the best way to organise a site-to-multisite VPN network?
I tried an IPinIP tunnel with IPSec and it works well, but if I use this, I will have a lot of tunnels on the head office router = double the number of branches. I think this way is very complex; maybe somebody will advise a better way.
Well, as far as I know there’s nothing on MikroTik that’s like Cisco DMVPN. You’ll need to use hub-and-spoke or partial mesh topologies to avoid having hundreds of VPN tunnels. As for the protocol, I’d go with GRE over IPsec.
In case you are routing and not bridging, only the link to the centre and to a few (2-3) branches should be enough, together with the OSPF routing protocol. It will always find some way if it exists…
Maybe I can use, for site-to-multisite, an L2TP server with IPSec in the head office, with the branches acting as L2TP clients? I think this config is less complex than IPIP or GRE tunnels for each branch. Or am I wrong?
I agree with you. I am using L2TP for similar purposes also, but with static routing so far. I think that I don’t need the IPsec as mppe128 looks quite enough for me. But I am connecting just 4 places, not 20 branches…
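
As an added example (not posted by anyone in the thread, and not MikroTik's own reference configuration), this is a RouterOS configuration for the layout proposed above: one L2TP server at the head office that only accepts sessions wrapped in IPsec, and each branch dialing in as an L2TP client. All names, addresses and secrets are constructed placeholders, and only one tunnel per branch is shown; the second ISP link is not covered.

```routeros
# Constructed placeholders throughout: 203.0.113.1 = head office public IP,
# 10.255.0.0/24 = tunnel addresses, 192.168.x.0/24 = LANs, CHANGE-ME-* = secrets.

# ---- Head office (hub) ----
/ppp profile add name=branch-l2tp local-address=10.255.0.1 use-encryption=yes

# One PPP secret per branch. A fixed remote-address gives each branch a
# stable next hop for routing and makes a reused credential easy to spot.
/ppp secret add name=branch01 password=CHANGE-ME-1 service=l2tp \
    profile=branch-l2tp remote-address=10.255.0.11
/ppp secret add name=branch02 password=CHANGE-ME-2 service=l2tp \
    profile=branch-l2tp remote-address=10.255.0.12

# use-ipsec=required refuses L2TP sessions that did not arrive inside IPsec.
# use-ipsec=yes would still accept plain L2TP from a client that skips IPsec.
/interface l2tp-server server set enabled=yes default-profile=branch-l2tp \
    authentication=mschap2 use-ipsec=required ipsec-secret=CHANGE-ME-PSK

# Input rules (place above any final drop rule): IKE, NAT-T and ESP from
# outside, and UDP 1701 only when the packet was decapsulated from IPsec.
/ip firewall filter add chain=input protocol=udp dst-port=500,4500 action=accept
/ip firewall filter add chain=input protocol=ipsec-esp action=accept
/ip firewall filter add chain=input protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec action=accept

# Static routes to the branch LANs via their tunnel addresses.
/ip route add dst-address=192.168.11.0/24 gateway=10.255.0.11
/ip route add dst-address=192.168.12.0/24 gateway=10.255.0.12

# ---- Branch 01 (spoke) ----
/interface l2tp-client add name=l2tp-ho connect-to=203.0.113.1 \
    user=branch01 password=CHANGE-ME-1 use-ipsec=yes \
    ipsec-secret=CHANGE-ME-PSK disabled=no

# Head office LAN (assumed 192.168.0.0/24) is reached through the tunnel.
/ip route add dst-address=192.168.0.0/24 gateway=l2tp-ho
```

With this layout the head office holds one server configuration plus one secret and one route per branch, rather than a separately configured tunnel interface for each branch.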